Tor 0.2.8.6 Is Released

The latest version of the Tor project was released this week, offering
greater security and anonymity to individuals and organizations. Here's
why you should care.

Once upon a time, worrying about government surveillance was a sure sign of
paranoia. Unless you were building bombs or stealing secrets, the spies
and spooks couldn't be bothered.

Today, governments can and do spy on all of us. Technology makes it
possible—automated systems sift through our internet traffic, voice calls
are monitored, and SMS messages are intercepted regularly.
The cost of violating privacy has come down to the point where it isn't
just viable—it's routine.

It's always been dangerous for citizens in oppressive regimes to speak out
against their governments. Dictators have a bad track record for handling
criticism. Today, there are countries where simply looking at information
can lead to an arrest or worse.

Although it's easy to imagine such things happening overseas, the risk is much
closer than you may think. Click on a link to the wrong website, and
you're tagged. Search for ISIS news, and you're marked as a "radicalized
menace". Send the bomb emoji once too often, and you've had it.

And if that wasn't enough, cyber-criminals also are getting in on the act.
With so much private information passing through our devices, they
make a juicy target.

Security and privacy are fundamental rights, and without them, life is
pretty harsh. So it's in all our interests to protect them.

Which brings me back to Tor. While technology has increased the threat to
many of our liberties, it also offers solutions. Tor is one such solution.

Tor circumvents many of the mechanisms that governments and others use to
track your online actions. Normally, when you browse the web, your
computer sends a steady stream of HTTP requests to your ISP and through
multiple routers. These requests identify your machine and the server
to which you're connecting. They are logged and can be monitored.

Now the content of the requests can be secure. If you visit a site with an
https:// address, both sides will encrypt the information to protect your
privacy. But the client and server still are visible in the request
header.

For instance, if you posted some information to WikiLeaks, the content of
that post would be encrypted. It would be safe from prying eyes, but
those eyes would know that you posted something.

This information is visible as the request makes its way through the
internet. Internet packets pass through many points before they reach
their destination. That's how the internet works. Each step along the way
is another point where data could be collected.

Tor offers a solution by hiding the source and destination under multiple
layers of encryption. It uses its own decentralized network to forward
requests and responses so they remain private.

And even if one of the Tor nodes is compromised, the sender and recipient
still are protected. The entire message is encrypted so that only the last
node in the circuit can read it. The layers of encryption are like the
layers of the onion, and that's why it's referred to as onion routing.

Tor is essential for people in oppressed countries, organizations
transferring sensitive data and journalists. But it isn't perfect.
Cyber-criminals and intelligence agencies constantly are looking for exploits and
weaknesses. That's why it's essential that the Tor developers keep working on the
project to patch the holes and improve the performance.

The latest release contains more than 300 individual fixes and
improvements—it's the result of months of work. The bootstrapping
process has been overhauled for faster performance. The security keys
for relays are stronger. And the code is now more thoroughly tested
than before. The Tor team also has collaborated with Debian developers
to offer better protection to their users.

If you want to read more about the changes that have gone into this new
version, check out the changelog.